StorageCraft Technology Corporation

When a new administration comes in, laws start to transform. Bills around healthcare in particular have popped up in Congress and though they’ve struggled to gain traction, there are certainly updates on the horizon. But despite changes to insurance and healthcare laws, one thing will stay the same: the importance of health information security.

As you know, the Health Insurance Portability and Accountability Act, or HIPAA, regulates how healthcare providers (Covered Entities) handle electronic protected health information (ePHI). These laws are designed to create policies that protect the personal information of healthcare patients. While HIPAA reform is possible under the new administration, there are only rumors at this point. Cyberattacks like WannaCry, which affected thousands of systems and patient records, made it clear that healthcare systems can be incredibly vulnerable. It’s easy to see why they’re a target when the personal information they possess is highly valuable to criminals. And with increases in cyberattacks, HIPAA laws will likely become more stringent rather than less.

Addressing new laws is much easier if your clients are up to par already. So whether you’re newer to HIPAA or you’re a seasoned HIPAA hero, here’s what you may want to consider as the new administration starts making changes.

Understand the Laws

HIPAA hasn’t changed drastically in the last few years, but that’s no reason to slouch. If you’re new to HIPAA, the U.S. Department of Health & Human Services has a full list of requirements under HIPAA. The laws themselves are a bit of a slog to read through, but a simpler way for an MSP to understand healthcare IT, and even add compliance services, is to work with a partner like HIPAA Secure Now. They provide white-labeled resources IT firms can resell to healthcare professionals, and they make it incredibly easy. This lets you offer world-class HIPAA compliance testing, training, and more, whether you work with large hospitals or small practices.

Evaluate Your Current Networks

If you’re currently servicing clients with HIPAA requirements, it’s wise to conduct a regular HIPAA audit. Although not every component of HIPAA is your responsibility, technology certainly is. As a refresher, you’ll typically ensure that clients have iron-clad security, rock-solid backups, a full backup and disaster recovery plan, a way to keep records of who accesses what information when, and so on. Take a look at what you already have in place and see if it’s up to snuff. If you need to make changes or upgrades, don’t hesitate to make it happen.

Have Clients Evaluate Policies

Your role involves IT, but your client’s role involves creating and following policies that keep them compliant. Take a moment to ask clients how they feel about their HIPAA-related policies, and be ready to offer help if they need it. All the security in the world won’t matter if their employees aren’t following best practices, so make sure they’re on track.

Keep an Eye on Changes to Laws

As noted, HIPAA hasn’t changed a lot in the last few years, though with a new administration, it’s possible that changes are to come. With cyberattack frequency increasing and large-scale breaches becoming a yearly issue, the way we handle personal information is becoming more important than ever. It’s likely that new laws—whether specific to healthcare or commercial entities in general—will prioritize data security. Keep an eye on the headlines and stay up-to-date on the latest happenings from Congress, and you’ll have time to prepare for the changes if they happen.

Many in the healthcare or IT field see HIPAA compliance as a burden, but the laws actually amount to practical steps every healthcare provider—or even every business—should take to protect the information they have. As cyberattacks become more frequent, it’s practical to regularly audit clients for HIPAA compliance to make sure they meet or exceed the law’s expectations. Data breaches can result in costly fines, and it’s up to you to help your clients prevent them.


  • VMware Player is not a Type 1 hypervisor, and therefore does not have better performance than Virtualbox "because it runs directly on the hardware."

  • Yes, a span size of two means that each span is as small as possible. So a span size of two in RAID 100 means that you are actually getting RAID 10 without anything extra (it is the middle RAID 0 that is eliminated.) So the advice is good, basically you always want a span size of two if the option exists. Some controllers cannot handle a RAID 10 large enough to accommodate all attached drives and so larger spans are required. Typically this does not happen until you have at least ~18 drives or so.

  • The one question I have coming out of this results from the conversation that I believe possibly prompted this blog post, namely that in this thread on SpiceWorks:

    http://community.spiceworks.com/topic/548896-raid-10-2-spans-a-cautionary-tale-it-can-happen-to-you

    The recommendation/default for at least one DELL controller model was a span-size of 2, with comments referring to this being referred to as the optimal configuration for larger arrays. Is there any evidence to support this being the optimal configuration? Your blog post, and my (albeit limited) understanding of RAID would suggest that this advice is flawed. Then again, maybe I am misunderstanding something at a fundamental level?

    Furthermore, would there be any benefit to adding in multiple RAID-0 layers above the RAID-100 so that the member size of all arrays involved is kept as small as possible?

  • I like the article, to be honest I've seen many posts on newspapers, magazines and even blogs that praises the open-source as it without being put on glory or hell, just neutral

    I'll like to add some other software like Thunderbird (for email), Git (for developers) and maybe replace Notepad++ with Geany/Gedit/Kate (or the text editor of your preference, yours being the Notepad); otherwise I like your choices and those are apps that I use a lot, even if in my workplace they don't want to replace it

    • Hey Dom, depending on where you're located there are a number of ways you can dispose of VHS tapes. Most thrift shops will take them off your hands, assuming they're actual movies and not simply blank tapes. Another option is to use Greendisk (greendisk.com), which allows you to mail in your old VHS tapes for recycling. Beyond that, there may be some options specific to your location (there are waste recycling facilities that can handle this type of trash all over), a quick Google search might reveal some of them.

  • Hi there, I think your web site may be having internet browser compatibility problems.
    Whenever I look at your web site in Safari, it looks fine
    however when opening in I.E., it has some overlapping issues.
    I simply wanted to provide you with a quick heads up!
    Besides that, wonderful site!

    • Thanks for letting us know, we really appreciate it. Do you happen to know which version of IE you're using? I know that sometimes the older versions don't cooperate. I can't seem to reproduce the results you're seeing, but we're looking into it. Thanks again for bringing this to our attention.

  • I think you are missing the point entirely here. I have a home with 5 PCs all running same Windows OS version and same versions of Office. MOST of the file data on the machines are copies of same files on other machines: the Windows OS files and Office binaries. I want to backup full system snapshot images (not just photos and music) daily to a NAS on my LAN, or even a headless Windows machine acting as a NAS (like the old Windows Home Server product). I want the bandwidth savings of laptops backing up over wifi to notice that those windows files are already stored and not transmit them over wifi. I also want the total NAS storage of all combined backups reduced so that I can copy the NAS storage to either external drive for offsite storage, or more interesting up to the cloud for redundancy. ISP bandwidth caps, limited upstream bandwidth, and cloud storage annual cost per GB mean that deduplicated backup storage is essential. The cost of additional local storage is NOT the only consideration.

    I don't care about Windows Server's integrated deduplication. The deduplication has to be part of the backup system itself, especially if you are doing cluster or sector level deduplication, to avoid sending the duplicate data over the wire to the data storage in the first place.

    I've been looking at different backup solutions to replace Windows Home Server (a decade-old product that offered deduplication), and your product looked very interesting, but unfortunately the lack of built-in deduplication rules it out for me. I can only imagine how this affects 100-desktop customers when I won't even consider it for 5-desktop home use.

    • Thank you for your comments. We appreciate all points of view on this topic.

      I agree that ISP bandwidth caps, limited upstream bandwidth, and cloud storage cost per GB show how critical it is to minimize data transmissions offsite. I also believe that much like modems and BETA video tapes, the bandwidth of today is giving way to higher access everywhere. For example, Google Fiber is now available to some of my peers at the office. Cellular LTE and satellite technologies are also increasing bandwidth for small business and home offices. At the same time, our data consumption and data creation is increasing at a rate that may outpace this increased supply of bandwidth. Either way, there are ways to work around data transmission limits.

      One way we help with data transmission over slower networks is we incorporate WAN acceleration and bandwidth scheduling technologies into our offsite replication tools. These allow you to not only get the most efficient use of available bandwidth but to also schedule your data replication during off-peak hours. Another way we help with data transmission is through compression. Deduplication is after all simply another form of data compression which reduces the near side (source) data before it is transmitted over the wire (target).

      In your case, you could use our product to store images on a local volume which has deduplication. You could then replicate data over the wire to offsite storage using ImageManager or some other tool. Many of our customers do this very thing.

      Keep in mind that the deduplication process has to occur at some point: either at the source or at the target. If you wanted to deduplicate your 5 PCs you would be best served with a BDR solution that can read each of those PCs, see the duplicate files on each, and avoid copying those files to storage. In this example, deduplication would occur on your BDR but you're still reading data from each PC over the wire to your BDR. In addition, your BDR would control the index for data stored on a separate volume or perhaps has the storage volume incorporated in the BDR. This creates a single point of failure because if your BDR crashes then the backup images for your 5 PCs wouldn't be recoverable and current backup processes cease.

      At StorageCraft we focus on the recovery. Our philosophy means that we take the smallest fastest backup images we can and then we give you ways to automatically test those images for reliability, compress them into daily/weekly/monthly files according to your retention policy, and replicate those images locally and offsite. This gives you a solid foundation from which to recover those images quickly to almost any new environment. I have yet to see a faster more reliable solution among our competitors.

      Cheers,
      Steven

  • Regarding Shadowprotect desktop:
    I am looking for the following capabilities
    1. Windows 8.1 compatibility
    Everything I've examined says Win 8 but nothing about Win 8.1
    2. I want to be able to do the following on an ACER S-3:
    320gb hd with Win 8.1
    create an image of the 320gb drive.
    Install a 120gb drive in the ACER.
    Install the image to the 120gb drive.
    I am assuming that I can boot from the Shadowprotect
    CD, use an external usb connected dock with the 320gb
    image, and successfully install the image from the
    external dock to restore to the 120gb drive installed in the ACER.
    3. Does Shadowprotect take care of setting up the needed
    partition and format for the target drive (120gb in this case)

    I've looked at several of the alternatives to your product
    posing the same questions above and get vague or downright
    misleading answers to my items 1, 2 AND 3 above.

    If I purchase your product will I be able to do what I
    want as stated in items 1,2 and 3 above?

    I have done exactly what I described in items 1,2 and 3
    above for WIN 7 using a product called EZGIG II and am
    pleased with the results. I am looking for the same
    capability for Win 8.1.

    Please advise,
    Joe O'Loughlin

    • Hello Joe,

      Thank you for your questions. I'm sorry that other vendors have disappointed you with vague or misleading answers. Fortunately I have good news for you.

      1) Yes, we are compatible with Microsoft Windows 8.1 technology. The ShadowProtect ReadMe file contains information about version compatibility (near the bottom). Here's a link to the ReadMe file stating that we are compatible with Windows 8.1 and Windows 8.1 Enterprise.

      2) Yes, you can resize the image of a larger disk to fit on a smaller disk. This is typical of SSD upgrades where the less expensive and larger HDD is replaced with a smaller and faster SSD drive. Please keep in mind that we cannot shrink a partition past the data written on the volume. Here are some articles on shrinking disk volumes that you can read in our knowledgebase:

      Shrink volume size: Removing free space from an image.
       
      Alternative Methods to Shrinking volume size for your drives.
       
      Why can't ShadowProtect shrink the volume further?

      Also, I find that our StorageCraft CrossPlatform Recovery Environment tools seem to shrink a disk volume the best. If you purchase ShadowProtect I would recommend that you download the Recovery Environment and burn it to a USB key or CD/DVD to assist you in the process.

      3) Yes, ShadowProtect takes care of the needed partitioning and format for the target drive. Please keep in mind that if this is an SSD drive, these drives typically have a manufacturer's disk utility you should run to properly condition the drive first. When you run the Restore Wizard you will be able to see your target drive and properly format and initialize it within ShadowProtect.

      Lastly, you can download an evaluation copy of our software and test the first two of these three questions: namely Windows 8.1 compatibility and shrinking your disk volume. You will need to purchase a licensed copy of the software to be able to restore to new hardware, but once you do you'll have a reliable backup solution to continually protect your system and data. I use a continuous incremental backup on my work and home computers to ensure no matter what happens I will always be able to recover my important Windows systems and data.

      Cheers,
      Steven

  • Hi Steven
    On 6 August 2013 you wrote:
    "Another release will have the complete tools for backing up and recovering both Linux and Windows systems. I can tell you that this later release will be out before the end of the year."

    But now we are already in 2014.

    When can we have this "complete tools for backing up and recovering both Linux and Windows systems"?

    Thanks

    • Hello Carlo,

      Yes, you have pointed out the travails of being both a Techie and a Marketer, namely predicting software release dates. We both know how fast technology changes these days. What with Microsoft updates, new hardware (and the associated drivers), the constant flow of Linux distros, and StorageCraft's penchant for getting everything perfectly aligned before a release, my job as a Technical Marketer becomes nigh impossible. I apologize for getting the date wrong, and will post more information about the upcoming software release as soon as I get it.

      Thank you for keeping me honest.

      Cheers,
      Steven
